Vulnerability Details : CVE-2013-6666
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.
Exploit prediction scoring system (EPSS) score for CVE-2013-6666
Probability of exploitation activity in the next 30 days: 0.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6666
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
CWE ids for CVE-2013-6666
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6666
-
http://www.securityfocus.com/bid/65930
Google Chrome Prior to 33.0.1750.146 Multiple Security Vulnerabilities
-
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
https://src.chromium.org/viewvc/chrome?revision=249114&view=revision
[chrome] Revision 249114
-
http://www.debian.org/security/2014/dsa-2883
Debian -- Security Information -- DSA-2883-1 chromium-browser
-
https://code.google.com/p/chromium/issues/detail?id=332023
332023 - chrome allows POST requests with custom headers using flash + 307 redirect - chromium - Monorail
Products affected by CVE-2013-6666
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.125:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.126:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.135:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.136:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.117:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.124:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.132:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.133:*:*:*:*:*:*:*